In response to the "Correcting TLS error" thread, I just attempted another SSL test using the site mentioned and our server is now vulnerable to the "Bleichenbacher's Oracle Threat" which appears to be fairly bad.

Is there a way to disable the RSA encryption on the CommuniGate server?
-Jeff

On 4/13/2018 8:50 AM, Jeff Wark jwark@tbaytel.net wrote:

>Here's to hoping something here might be helpful. I do remember finding various settings to be counter-intuitive at first (i.e.: The name sounded like it reduced security, the effect was to increase security).

That was the problem we had with that setting as well. "CBC Ciphers for old TLS" is something I stared at for years without every thinking about it and I was under the impression it was to relax security. When we put that setting in and did an SSL Server Test (https://www.ssllabs.com/ssltest), it made it so one of the TLS version had acceptable Ciphers instead of 3 that were considered dangerous.

If it was named "Used improved CBC Ciphers for old TLS", we would have implemented it years ago.

-Jeff

On 4/13/2018 8:43 AM, Tom Rymes trymes@rymes.com wrote:

Here's to hoping something here might be helpful. I do remember finding various settings to be counter-intuitive at first (i.e.: The name sounded like it reduced security, the effect was to increase security).

#############################################################
This message is sent to you because you are subscribed to
the mailing list <CGatePro@mail.stalker.com>.
To unsubscribe, E-mail to: <CGatePro-off@mail.stalker.com>
To switch to the DIGEST mode, E-mail to <CGatePro-digest@mail.stalker.com>
To switch to the INDEX mode, E-mail to <CGatePro-index@mail.stalker.com>
Send administrative queries to <CGatePro-request@mail.stalker.com>